From 78e58ccfa6a7f7d5f07e80808870cec5922c445e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcel=20Fabian=20Kr=C3=BCger?= <tex@2krueger.de>
Date: Tue, 10 Aug 2021 16:49:23 +0200
Subject: [PATCH] Add release system for GH Actions

---
 .github/workflows/deploy.yaml | 121 ++++++++++++++++++++++++++++++++++
 .github/workflows/main.yaml   |   7 +-
 2 files changed, 126 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/deploy.yaml

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
new file mode 100644
index 0000000000..90ed248961
--- /dev/null
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,121 @@
+name: Create release
+
+# We create releases for all new tags
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  # The l3build job contains the actual work. This is mostly the same as in main.yaml
+  # and should stay synchronized. Sadly it doesn't seem possible to reuse the instructions at the moment.
+  release:
+    runs-on: ubuntu-20.04
+    name: Build release
+    steps:
+      # Boilerplate
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      # GitHub Actions don't regenerate the test if the key doesn't change, so
+      # we integrate a random UUID into the key to keep them different.
+      # DO NOT CHANGE THIS
+      - name: Generate unique ID
+        id: get-id
+        run: |
+          echo -n ::set-output name=id::
+          cat /proc/sys/kernel/random/uuid
+      # Actually load the cache. Since we never reuse the key, we need restore-keys
+      # to indicate the prefix of our caches. This loads the newest cache with this
+      # prefix in the key.
+      #
+      # If we want to force regeneration of the cache, increase the number after
+      # *both* instances of "texlive-v"
+      - name: Load cache
+        uses: actions/cache@v2
+        with:
+          path: ~/texlive
+          key: texlive-v0-${{ steps.get-id.outputs.id }}
+          restore-keys: texlive-v0-
+      # We need Ghostscript for dvips and XeTeX tests.
+      - run: sudo apt-get install ghostscript
+      - name: Install TeX Live
+        uses: zauguin/install-texlive@v1
+        with:
+          # List the required TeX Live packages in a separate file to allow reuse in
+          # different workflows.
+          package_file: .github/tl_packages
+      - name: Run l3build
+        run: l3build ctan -q -H --show-log-on-error
+      - name: Archive failed test output
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: testfiles
+          path: build/test*/*.diff
+          # Decide how long to keep the test output artifact:
+          retention-days: 3
+      # Now create the release (this only runs if the previous steps were successful)
+      - name: Create GitHub release
+        uses: ncipollo/release-action@880be3d0a71bc0fa98db60201d2cbdc27324f547
+        id: release
+        with:
+          artifacts: "build/distrib/ctan/*.zip"
+          token: ${{ secrets.GITHUB_TOKEN }}
+      # Determine the name of the tag we are working on. Sadly GH Actions only provides
+      # github.ref which has the name prefixed with github.ref and no way to remove a prefix
+      # in normal expressions, so we need an action for that.
+      - name: Get name
+        uses: frabert/replace-string-action@9b62dfe3ae936b1cc380f2421c8ac9e63a4a3e85
+        id: name
+        if: ${{ always() }}
+        with:
+          pattern: "^refs/(?:heads|tags)/"
+          string: ${{ github.ref }}
+          replace-with: ""
+      # While the normal notification job only informs about failed runs, we additionally want to notify about successful releases.
+      - name: Send mail
+        # The explicit commit hash ensures that this can't be used by dawidd6 as a
+        # backdoor to execute arbitrary code during our runs.
+        uses: dawidd6/action-send-mail@ceb614a2c5737d913f2d2729e2bcc70ad933382b
+        with:
+          # Currently using my (Marcel's) mail server for sending mails.
+          server_address: typesetting.eu
+          server_port: 587
+          # These values can be changed in the repository settings.
+          username: ${{secrets.MAIL_USERNAME}}
+          password: ${{secrets.MAIL_PASSWORD}}
+          # If we want to send notifications to additional addresses, at them here as
+          # a comma separated list.
+          to: latex3-commits@tug.org
+          # The name is arbitrary, but if you want to change the address you need to
+          # coordinate it with the administrator of the mail server to allow the account
+          # to send from the mail address.
+          from: LaTeX CI <github@latex-project.org>
+          # Determine the subject and body of the mail.
+          subject: "Version ${{steps.name.outputs.replaced}} of ${{github.repository}} has been released"
+          body: |
+            The release ${{steps.name.outputs.replaced}} has been created for ${{github.repository}}.
+
+            More information can be found at
+            ${{steps.release.outputs.html_url}}
+      - name: Send failure notification
+        uses: dawidd6/action-send-mail@ceb614a2c5737d913f2d2729e2bcc70ad933382b
+        if: ${{ failure() }}
+        with:
+          server_address: typesetting.eu
+          server_port: 587
+          username: ${{secrets.MAIL_USERNAME}}
+          password: ${{secrets.MAIL_PASSWORD}}
+          to: latex3-commits@tug.org
+          from: LaTeX CI <github@latex-project.org>
+          priority: high
+          # Determine the subject and body of the mail.
+          subject: "Test failure while trying to build release ${{steps.name.outputs.replaced}} in ${{github.repository}}"
+          body: |
+            Test failure for ${{github.repository}}
+            -------------------------------------------------------------
+
+            On tag:           ${{steps.name.outputs.replaced}} (${{github.sha}})
+            Initiated by:     ${{github.actor}}
+            Commit URL:       https://github.com/${{github.repository}}/commit/${{github.sha}}
+            More information: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 0dcee6d1e5..54ffc1bba7 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -2,8 +2,10 @@ name: Automated testing
 
 # Currently we run in two situations:
 on:
-  # Whenever someone pushes to a branch or tag in our repo
+  # Whenever someone pushes to a branch in our repo
   push:
+    branches:
+      - "*"
   # Whenever a pull request is opened, reopened or gets new commits.
   pull_request:
 # This implies that for every push to a local branch in our repo for which a
@@ -13,6 +15,7 @@ on:
 jobs:
   # The l3build job contains the actual work. We misuse the matrix mechanism to
   # create three jobs which only differ in minimal elements.
+  # For tags we do not run this since we run the release job instead.
   l3build:
     runs-on: ubuntu-20.04
     strategy:
@@ -32,7 +35,7 @@ jobs:
           - name: "Documentation"
             l3build_cmd: l3build doc -q -H
             artifact_name: Documentation
-    name: ${{matrix.name }}
+    name: ${{ matrix.name }}
     steps:
       # Boilerplate
       - name: Checkout repository